Let's Talk

Online Banking Breach & Fraudulent Wire Attempt

Situation: An employee of a company received an automated email notification from their online banking account alerting them that an outgoing wire transfer request had been initiated. The employee had not initiated a wire transfer and immediately contacted their Bank to stop the transfer. Once the transfer was stopped, it was determined that the employee had been a victim of a man-in-the-middle phishing scheme and keylogger virus which allowed a hacker to obtain their username, password, and token information. That information was then used to log into their online banking account and initiate a wire transfer in the amount of $98,756 to a business located in a foreign country. It was determined that not only was the fraudster able to gain access to the username, password and token information, they also redirected the out-of-band authentication of an automated phone call to the employee from the Bank which was used to verify the transaction. Because the wire was stopped before being transmitted there were no losses to the Bank or to the employee.

Potential loss: The potential loss here is $98,756, including confidential account information obtained through online banking such as account number and balance(s). Additionally, employee time to contact law enforcement, close the compromised account, open a new account, contact existing vendors with automated payments of new account, and hiring of IT team to perform a network scrub and analysis of breach.

Defense: This situation’s best defense is to educate employees to not click on emails and links within emails in which the sender is unknown. Have dual control in place for one person to submit request for payment with a second person to verify the source document and approve payment. Email alerts generated from online banking such as password changes, an indicator that a payment has been originated and approved, a new user has been set up, and a way to receive transaction and balance alerts. Complete scrub of victim computer and review by IT forensic team.
 

 

NOTICE

Access to Online Private Banking is intermittently unavailable; users may not be able to access it at this time. We are working to restore access as soon as possible. If you have questions, please contact us at: 855-257-4149.

Contact Us ›

NOTICE

Access to Online Business Banking is intermittently unavailable; users may not be able to access it at this time. We are working to restore access as soon as possible. If you have questions, please contact us at:

• Wisconsin Region: 608-232-5938
• Kansas Region: 913-717-6464

NOTICE

Access to our Remote Deposit Capture system is intermittently unavailable; users may not be able to access it at this time. We are working to restore access as possible. If you have questions, please contact us at:

  1. Wisconsin Region: 608-232-5938
  2. Kansas Region: 913-717-6464

NOTICE

To protect clients and employees, we temporarily suspended courier service. For other deposit needs, please see your client email sent on 3/16/2020 for instructions regarding deposits at your local First Business Bank office.

To set up Mobile Banking, please contact our Treasury Management Support team at 608-232-5938. We will alert you when courier service is available again. Thank you.